[cabfpub] Ballot 113 - Revision to QIIS in EV Guidelines
Rijt, R.A. van de (Robert) - Logius
robert.vande.rijt at logius.nl
Thu Jan 9 09:15:39 UTC 2014
Logius PKIoverheid votes "yes"
From: public-bounces at cabforum.org On Behalf Of Ben Wilson
Sent: Monday, December 30, 2013 4:47 PM
To: public at cabforum.org
Subject: [cabfpub] Ballot 113 - Revision to QIIS in EV Guidelines
Ballot 113 - Revision to QIIS in EV Guidelines
The following proposal comes from the EV working group. Jeremy Rowley made the following motion, and Rich Smith and Kirk Hall have endorsed it.
This ballot proposes a replacement to Section 11.10.5 of the Extended Validation Guidelines, which defines the qualifications of a QIIS. The previous QIIS definition did not accurately capture current CA practices. In fact, a strict reading of the existing definition might imply that CAs were prohibited from using Dun & Bradstreet, Hoovers, and other commercially reliable sources generally regarded as accurate sources of information. The proposed definition consolidates confusing and overlapping requirements while clarifying the QIIS verification requirements for CAs. The new definition permits CAs to use databases of information if the CA has documented its process to verify the data's accuracy and the CA knows the information is not self-reported.
--- Motion begins ---
Replace Section 11.10.5 in the EV Guidelines:
11.10.5 Qualified Independent Information Source
A Qualified Independent Information Source (QIIS) is a regularly-updated and current, publicly available, database designed for the purpose of accurately providing the information for which it is consulted, and which is generally recognized as a dependable source of such information. A commercial database is a QIIS if the following are true:
(1) Industry groups rely on the database for providing accurate location or contact information;
(2) The database distinguishes between self-reported data and data reported by independent information sources;
(3) The database provider identifies how frequently they update the information in their database;
(4) Changes in the data that will be relied upon will be reflected in the database in no more than 12 months; and
(5) The database provider uses authoritative sources independent of the Subject, or multiple corroborated sources, to which the data pertains.
Databases in which the CA or its owners or affiliated companies maintain a controlling interest, or in which any Registration Authorities or subcontractors to whom the CA has outsourced any portion of the vetting process (or their owners or affiliated companies) maintain any ownership or beneficial interest do not qualify as a QIIS. The CA MUST check the accuracy of the database and ensure its data is acceptable.
With the following proposed language for Section 11.10.5:
11.10.5 Qualified Independent Information Source
A Qualified Independent Information Source (QIIS) is a regularly updated and publicly available database that is generally recognized as a dependable and accurate source for certain information.
A database qualifies as a QIIS if the CA determines that:
(1) Industries other than the certificate industry rely on the database for accurate location, contact, or other information; and
(2) The database provider updates its data on at least an annual basis.
The CA SHALL NOT use any data in a QIIS that the CA knows is (i) self-reported and (ii) not verified by the QIIS as accurate.
Databases in which the CA or its owners or affiliated companies maintain a controlling interest, or in which any Registration Authorities or subcontractors to whom the CA has outsourced any portion of the vetting process (or their owners or affiliated companies) maintain any ownership or beneficial interest, do not qualify as a QIIS.
--- Motion ends ---
The review period for this ballot shall commence immediately at 2300 UTC on 30 December 2013 and will close on 6 January 2014.
Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2300 UTC on 13 January 2014.
Votes must be cast by posting an on-list reply to this thread.
A vote in favor of the ballot must indicate a clear 'yes' in the response.
A vote against the ballot must indicate a clear 'no' in the response.
A vote to abstain must indicate a clear 'abstain' in the response.
Unclear responses will not be counted.
The latest vote received from any representative of a voting member before the close of the voting period will be counted.
Voting members are listed here: https://cabforum.org/members/
In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and more than one half of the votes cast by members in the browser category must be in favor.
Quorum is currently six (6) members; at least six members must participate in the ballot, either by voting in favor, voting against, or by abstaining, for the vote to be valid.